Newsletter | Volume 1

Issue I
Issue II
Issue III
Issue IV
Issue V
Issue VI
Issue VII
Issue VIII
Issue IX
Issue X
Issue XI
Issue XII
Issue XIII
Issue XIV
Issue XV
Issue XVI
Issue XVII

click here to

Subscribe to our newsletter



To Unsubscribe click here

Updating The Code Of Conduct With A Chapter On Practical GRC Issues

Post financial crisis, Governance, Risk Management and Compliance (GRC) enforcement is gathering momentum and the dynamic GRC components have a growing interest all over the world. Establishment of global GRC compliance programs is critical to prevent violations, even though companies do not get credit for the quality of the GRC program from the oversight authorities.



Given the size of the financial meltdown of 2008 relatively little has changed in the content of the code of conduct. The result of the crisis was some rather severe 'injury' to the staff and the balance sheet of the company. Many reports claim that the crisis and the meltdown was a result of cultural abuse and misconduct at the root-cause of the crisis. We must all do everything possible to avoid that the global financial structure, represented by all corporates and financial institutions, does not fall apart again. Let's start from the beginning with a revised the code of conduct for all employees.

Inclusion of GRC in the Code of Conduct booklet
The rewards of an effective and respectable GRC compliance program come from the investors and other stakeholders. To ensure that the GRC compliance program is effective, it should be targeted to those kinds of risks that trigger the specific activities of the company, as well as the activities of employees the company. That is the primary reason, why the GRC codes must be included in the Code of Conduct.

However, before the HR or marketing department place the glossy words in the Code of Conduct, it is important to address a few questions that relate to GRC inclusion in the Code of Conduct booklet.

Depending on the nature, he size and risk maturity level, the first step is to explain the nature and exposure to the business;
  • Have you performed or participated in a GRC risk assessment lately?
  • Does the business process in each location, involve manufacturing and selling directly or thru distributors, other manufacturers, or consumers?

The result of the above two questions poses a different kind of GRC risks and decides the focus and concentration of the next assessment in the codex.
  • The product and the market; What type of competition and or domination exists.
  • Attributes of the product and the impact on the geographic market
  • Loyalty to product, industry and trade issues

The consolidated response to above five questions can be both informative and determine the emphasis of the GRC program in the Code of Conduct booklet.

Good faith & adequate procedures
The next step is to determine the value of the GRC components of the compliance program.
Effective GRC compliance programs start at the top, and the program should encourage employees to report wrongdoing. Because failure to implement an effective compliance program will now likely result in a trial and/or imprisonment of a the officers involved in the case of severe negligence.

The primary purpose of implementing a GRC program is that it is a part of a company's due diligence to prevent and detect GRC violations. The secondary purpose is to show the company is in good faith as all as all adequate GRC procedures were implemented. The code of conduct with all its components like monitoring, training, testing etc. can provide additional documentation.

Proper procedures
The existence of a dependable and operative program is best judged by management, board, and the auditors. A compliance program that is considered reliable and effective is one that is customized, and the GRC officer can demonstrate that it was reasonably designed, implemented and enforced.

The practical examples of the findings and tests can then find their way to the Code of Conduct, depending on the level of transparency that exists in the company.

Cultural abuse & misconduct as the cause
The editor of the code must also have access to relevant records and individuals in order properly to assess the integrity of the company's GRC program when examples are stated in the code of conduct.

Participate in the Indian HR Summit on the 26th June 2015 to learn more on updating the Code og Conduct
http://copenhagencompliance.com/2015/indiahrsummit/